New to mod_cfml, looks correct, but not working

28 views

Skip to first unread message

Derrick Peavy

unread,

Nov 9, 2020, 1:00:53 PM11/9/20

to mod_cfml

I have not successfully used mod_cfml before. I tend to multi home site and add the context in /opt/tomcat/conf/server.xml and then copy over the lucee WEB-INF folder. So, I am trying to update my methods.

Stack:

Ubuntu 20.04 LTS (brand new instance)
Open JDK 15.0.1
Tomcat 9.0.39
Lucee 5.3.7.47 WAR file

Have built mod_cfml and added the tomcat valve. But when I try to load Lucee admin page, it downloads instead of running as expected.

Here is my server.xml file with a fake sharedKey:

/opt/tomcat/conf/server.xml

```

<?xml version="1.0" encoding="UTF-8"?>

<!--

Licensed to the Apache Software Foundation (ASF) under one or more

contributor license agreements. See the NOTICE file distributed with

this work for additional information regarding copyright ownership.

The ASF licenses this file to You under the Apache License, Version 2.0

(the "License"); you may not use this file except in compliance with

the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software

distributed under the License is distributed on an "AS IS" BASIS,

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

See the License for the specific language governing permissions and

limitations under the License.

-->

<!-- Note: A "Server" is not itself a "Container", so you may not

define subcomponents such as "Valves" at this level.

Documentation at /docs/config/server.html

-->

<!-- Security listener. Documentation at /docs/config/listeners.html

-->

<!-- Global JNDI resources

Documentation at /docs/jndi-resources-howto.html

-->

<!-- Editable user database that can also be used by

UserDatabaseRealm to authenticate users

-->

<Resource name="UserDatabase" auth="Container"

type="org.apache.catalina.UserDatabase"

description="User database that can be updated and saved"

factory="org.apache.catalina.users.MemoryUserDatabaseFactory"

pathname="conf/tomcat-users.xml" />

</GlobalNamingResources>

<!-- A "Service" is a collection of one or more "Connectors" that share

a single "Container" Note: A "Service" is not itself a "Container",

so you may not define subcomponents such as "Valves" at this level.

Documentation at /docs/config/service.html

-->

<!--

<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"

maxThreads="150" minSpareThreads="4"/>

-->

<!-- A "Connector" represents an endpoint by which requests are received

and responses are returned. Documentation at :

Java HTTP Connector: /docs/config/http.html

Java AJP Connector: /docs/config/ajp.html

APR (HTTP/AJP) Connector: /docs/apr.html

Define a non-SSL/TLS HTTP/1.1 Connector on port 8080

-->

<Connector port="8080" protocol="HTTP/1.1"

connectionTimeout="1800"

maxKeepAliveRequests="1"

redirectPort="8443" />

<!--

<Connector executor="tomcatThreadPool"

port="8080" protocol="HTTP/1.1"

connectionTimeout="20000"

redirectPort="8443" />

-->

<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443

This connector uses the NIO implementation. The default

SSLImplementation will depend on the presence of the APR/native

library and the useOpenSSL attribute of the

AprLifecycleListener.

Either JSSE or OpenSSL style configuration may be used regardless of

the SSLImplementation selected. JSSE style configuration is used below.

-->

<!--

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"

maxThreads="150" SSLEnabled="true">

<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"

type="RSA" />

</SSLHostConfig>

</Connector>

-->

<!--

=========

start my ssl config for securing tomcat FOR TLS 1.2 AND 1.3

=========

-->

</SSLHostConfig>

</Connector>

<!--

=========

end my ssl config for securing tomcat FOR TLS 1.2 AND 1.3

=========

-->

<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2

This connector uses the APR/native implementation which always uses

OpenSSL for TLS.

Either JSSE or OpenSSL style configuration may be used. OpenSSL style

configuration is used below.

-->

<!--

<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"

maxThreads="150" SSLEnabled="true" >

<Certificate certificateKeyFile="conf/localhost-rsa-key.pem"

certificateFile="conf/localhost-rsa-cert.pem"

certificateChainFile="conf/localhost-rsa-chain.pem"

type="RSA" />

</SSLHostConfig>

</Connector>

-->

<!-- An Engine represents the entry point (within Catalina) that processes

every request. The Engine implementation for Tomcat stand alone

analyzes the HTTP headers included with the request, and passes them

on to the appropriate Host (virtual host).

Documentation at /docs/config/engine.html -->

<!-- You should set jvmRoute to support load-balancing via AJP ie :

-->

<!--For clustering, please take a look at documentation at:

/docs/cluster-howto.html (simple how to)

/docs/config/cluster.html (reference documentation) -->

<!--

-->

<!-- Use the LockOutRealm to prevent attempts to guess user passwords

via a brute-force attack -->

<!-- This Realm uses the UserDatabase configured in the global JNDI

resources under the key "UserDatabase". Any edits

that are performed against this UserDatabase are immediately

available for use by the Realm. -->

<Realm className="org.apache.catalina.realm.UserDatabaseRealm"

resourceName="UserDatabase"/>

</Realm>

<!--

=========

start next host

=========

-->

<Valve

className="mod_cfml.core" loggingEnabled="false" maxContexts="100" timeBetweenContexts="0" scanClassPaths="false" sharedKey="this is my cat sleeping" />

</Host>

<!--

=========

end next host

=========

-->

<!--

=========

start next host

=========

-->

<Valve

className="mod_cfml.core" loggingEnabled="false" maxContexts="100" timeBetweenContexts="0" scanClassPaths="false" sharedKey="this is my cat sleeping" />

</Host>

<!--

=========

end next host

=========

-->

<!--

=========

start next host

=========

-->

<Valve

className="mod_cfml.core" loggingEnabled="false" maxContexts="100" timeBetweenContexts="0" scanClassPaths="false" sharedKey="this is my cat sleeping" />

</Host>

<!--

=========

end next host

=========

-->

</Engine>

</Service>

</Server>

```

and content of /etc/apache2/mods-available/proxy.conf:

/etc/apache2/mods-available/proxy.conf:

```

# If you want to use apache2 as a forward proxy, uncomment the

# 'ProxyRequests On' line and the <Proxy *> block below.

# WARNING: Be careful to restrict access inside the <Proxy *> block.

# Open proxy servers are dangerous both to your network and to the

# Internet at large.

# If you only want to use apache2 as a reverse proxy/gateway in

# front of some web application server, you DON'T need

# 'ProxyRequests On'.

#ProxyRequests On

#<Proxy *>

# AddDefaultCharset off

# Require all denied

# #Require local

#</Proxy>

# Enable/disable the handling of HTTP/1.1 "Via:" headers.

# ("Full" adds the server version; "Block" removes all outgoing Via: headers)

# Set to one of: Off | On | Full | Block

#ProxyVia Off

# Start: Tomcat for Lucee configuration with proxy+ajp13:

# added [ProxyRequests Off] seems to have no effect, left it here because why not

ProxyRequests Off

ProxyPreserveHost On

# Skip over these directories

ProxyPass /images !

ProxyPass /lib !

ProxyPass /mint !

# Skip over these fles types

ProxyPass ^/(.+\.js)$ !

ProxyPass ^/(.+\.html)$ !

ProxyPass ^/(.+\.htm)$ !

ProxyPass ^/(.+\.php)$ !

ProxyPass ^/(.+\.gif)$ !

ProxyPass ^/(.+\.gz)$ !

ProxyPass ^/(.+\.ico)$ !

ProxyPass ^/(.+\.jpg)$ !

ProxyPass ^/(.+\.jpeg)$ !

ProxyPass ^/(.+\.mov)$ !

ProxyPass ^/(.+\.png)$ !

ProxyPass ^/(.+\.tar)$ !

ProxyPass ^/(.+\.tif)$ !

ProxyPass ^/(.+\.tiff)$ !

ProxyPass ^/(.+\.pdf)$ !

ProxyPass ^/(.+\.txt)$ !

ProxyPass ^/(.+\.xml)$ !

ProxyPass ^/(.+\.zip)$ !

# Main directives

ProxyPassMatch ^/(.+\.cf[cm])(/.*)?$ ajp://127.0.0.1:8009/$1$2

ProxyPassMatch ^/(.+\.cfchart)(/.*)?$ ajp://127.0.0.1:8009/$1$2

ProxyPassMatch ^/(.+\.cfml)(/.*)?$ ajp://127.0.0.1:8009/$1$2

# ProxyPassReverse does not matter in our case

ProxyPassReverse / ajp://127.0.0.1:8009/

# Alternate, minimum settings (remove everything above this) if you need to do this

# ProxyPreserveHost On

# ProxyPassMatch ^/(.+.cf[cm])(/.)?$ ajp://127.0.0.1:8009/$1$2

# ProxyPassMatch ^/((flashservices/gateway|messagebroker/|flex2gateway/|openamf/gateway/).) ajp://127.0.0.1:8009/$1

</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

```

And apache is running the modcdml_module I built.

Jordan Michaels

unread,

Nov 9, 2020, 1:09:43 PM11/9/20

to mod_cfml

A downloading file is an indication of a problem with your Apache config. I would verify that mod_proxy is loading.

From there, your proxy config looks a little dated (cfchart was for OpenBD IIRC) and some of the options I don't recognize, like "ProxyRequests". There is a known-working & simple proxy config mentioned on the mod_cfml doc site here: